Letter Re: Stronger Passwords for the Masses

Dear Editor,
A long time ago, I looked at diceware as Michael Z. Williamson mentioned (love that XKCD cartoon), and I don’t find it quite as robust as I would like for password generating (I have one diceware-ish password I use for convenience, but used a couple of foreign words and specific capitals as well). Creating a series of simple words that forces the attackers to use a brute force attack on it anyway made me want to go out and find a better way to find brute-force-resistant passwords.

What makes it a really good password generator (relative to most others) are the following features:

First, it doesn’t just randomly generate passwords (though it can); it gives you the ability to input an alpha-numeric seed, so that using the seed “cat” will always generate the same groupings of passwords/keys.

The benefit to this is that if you share a specific seed key with someone else (um … in person that you can easily remember and associate with them) like CrazyTimeInVegas, then you have created an easy way for each of you to generate one-time-use pads.

It allows you to choose how long of a key, and other characteristics about the passwords generated.

So, you encrypt a file, send it to them through e-mail, and in your subject line you write, “62,394 more reasons Nancy Pelosi is awesome” … which codes to your receiver to use a 62 digit key and choose the 394th key generated (or, come up with an agreed upon way to alter it even more … i.e., drop the 6 in the header but know that you’ll always use a 60 digit length key). Or better, snail mail them a memory card with the information you want to send. With the NSA storing all e-mail, you can be sure that, as they get faster and faster (and get into quantum computing encryption breakers), all forms of encryption will be broken at some point.

Combine that with sending your information in a triple-cascading 1 MB TrueCrypt drive, or other encryption routine, and you’ll be one step up. At least until quantum processing starts annihilating all forms of simple encryption.

2nd Benefit: It stores on your local computer and can run in any browser (you aren’t using a web site to run it through the Internet, you can be offline whenever it runs). One can also add a couple of default numbers (don’t do the seed), so you don’t need to type a couple of the less useful features (like the number of digits between separators and which separator to use … answer: none). It’s a simple JavaScript and the code is open source so you don’t have to worry about backdoors/it sending out extra data, etc. The code is wide open for everyone to see.

3rd: It’s free. Go to the web site, save the page to your computer, and never run it off the web site again. (The author of the site suggests doing this.) Keep a copy of the script in your e-mail drafts as a backup and forward to your friends who need it.

It fills a nice gap. There are still important things to consider, like physical security of your device (i.e., if they install monitoring software on your machine, or a keyboard tracker, or a webcam that can view your keyboard, it doesn’t matter how good your encryption is), and finding an easy-for-you-impossible-for-them way of keeping track of your password generating keys. – C.S. in the Midwest
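
The seed, key-length and key-number scheme the letter describes, sketched as an added example (this is not the generator the letter refers to and not code from the original page). The salt, the scrypt-plus-HMAC construction and every function name are assumptions; a derived key is never harder to guess than the seed it comes from, which is why the seed is stretched with scrypt before use.

```javascript
// Added example: "Nth key of length L from a shared seed". All names are hypothetical.
const crypto = require('node:crypto');

const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
// Constructed, fixed salt so both parties derive the same master key.
const SALT = Buffer.from('example-shared-salt');

// Stretch the memorable seed once with scrypt so each guess is costly.
function masterKey(seed) {
  return crypto.scryptSync(seed, SALT, 32, { N: 16384, r: 8, p: 1 });
}

// Derive the index-th key of the requested length from the master key.
function deriveKey(master, length, index) {
  // 248 for a 62-character alphabet: bytes at or above this are rejected.
  const limit = 256 - (256 % ALPHABET.length);
  let out = '';
  for (let counter = 0; out.length < length; counter++) {
    // HMAC(master, "index:counter") gives a fresh 32-byte block per counter.
    const block = crypto
      .createHmac('sha256', master)
      .update(`${index}:${counter}`)
      .digest();
    for (const byte of block) {
      // Rejection sampling avoids modulo bias toward early characters.
      if (byte < limit && out.length < length) {
        out += ALPHABET[byte % ALPHABET.length];
      }
    }
  }
  return out;
}

// Parse a subject-line hint such as "62,394" into { length, index }.
function parseHint(hint) {
  const m = /^(\d+),(\d+)$/.exec(hint);
  if (!m) throw new Error('hint must look like "length,index"');
  const length = Number(m[1]);
  const index = Number(m[2]);
  if (length < 1 || length > 1024 || index < 1) {
    throw new Error('length or index out of range');
  }
  return { length, index };
}
```
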
